from the don't-you-feel-safer-now? dept

The Atlantic has an article in which the author, Jeffrey Goldberg, put various Bruce Schneier theories to the test, to see just how ridiculous airport security is these days. As expected, he discovered that Schneier is correct in calling most airport security "security theater." It's designed to make people think they're safer because they see something that looks like security, even if that security does absolutely nothing to stop terrorists. As the article notes, it's not at all difficult for terrorists to bypass the system, so the only thing the system is really good for is to (a) catch really, really dumb terrorists or (b) to make other people think that the security is doing something.

Schneier, of course, has been making this point for years, so it was interesting to see what sort of response Goldberg was then able to get out of the TSA's boss, Kip Hawley. His responses seem to fall into one of two categories. First, he suggests that the TSA is well aware of the potential vulnerability described, but he can't really explain how it's been fixed, or secondly, he insists that any odd behavior will be spotted by trained employees and stopped. Except that Goldberg tested that theory too, attempting to behave quite strangely -- including ripping up a bunch of fake boarding passes in plain view of people... who all ignored him.

Hawley's responses at times border on incomprehensible:

"What do you do about vulnerabilities?" he asked, rhetorically. "All the time you hear reports and people saying, 'There's a vulnerability.' Well, duh. There are vulnerabilities everywhere, in everything. The question is not 'Is there a vulnerability?' It's 'What are you doing about it?'"

Well, what are you doing about it?

"There are vulnerabilities where you have limited ways to address it directly. So you have to put other layers around it, other things that will catch them when that vulnerability is breached. This is a universal problem. Somebody will identify a very small thing and drill down and say, 'I found a vulnerability.'"

Either there's some totally secret system that the TSA is using to actually stop these vulnerabilities, or there isn't a system and Hawley is just being confusing in order to create some doubt. I'm not sure either one makes me feel any safer about flying. While some may claim that we should feel safer because there might be a more secretive plan in place that Hawley won't talk about, consider me a skeptic. Security through obscurity has rarely proven to be as effective as a real and open security plan. I'm not saying that the TSA should reveal everything it does, but given Goldberg's experiences in "probing" the system, it's not clear that any "secret plan," whether real or implied, is working particularly well.

from the protect-the-vote dept

Last month, e-voting firm Sequoia threatened both independent researchers and New Jersey election officials if those independent researcher were allowed to inspect Sequoia's e-voting machines. This seemed like a very odd threat for a variety of reasons. Why wouldn't Sequoia want its machines inspected? The very fact that it was threatening legal action seemed like grounds to simply never use Sequoia e-voting machines. Sequoia claimed that existing inspections were enough, despite a history of problems in those inspections. Furthermore, Sequoia's own explanations for the problems with its machines in the primary elections this year were wrong. Ed Felten found that Sequoia's explanations didn't actually explain many of the problems. Unfortunately, though, with the threat of legal action, New Jersey agreed not to have Felten test the machines.

However, a New Jersey state judge has now ruled that it's perfectly reasonable for independent inspectors to review the machines. Unfortunately, she pushed back the date for such inspections until September, meaning that it won't affect this year's presidential election -- which will still use machines that may have problems. So while Sequoia didn't succeed in stopping independent examination of its machines, it did stall the process long enough so that the existing machines will stay in use for this year's elections -- despite the long list of problems that have been discovered with them. Apparently, we're still in beta when it comes to democracy.

from the security-theater dept

If you thought taking your shoes off and putting your liquids in little plastic bags was going to stop terrorists from smuggling bombs onto planes, think again. A new report from the Government Accountability Office finds that investigators were able to smuggle bomb components through TSA checkpoints without being caught. This isn't much of a surprise; a similar test last year found that the TSA caught only 2 out of 22 people who tried to smuggle dummy weapons through checkpoints in a Newark airport. This is not really surprising. The TSA's strategy has been basically reactive: the 9/11 hijackers used box cutters, so those get banned. Somebody tries to smuggle explosives onboard in his shoes, so the TSA makes us all take our shoes off. Somebody tries to smuggle liquid explosives onto a plane, so the TSA bans bottled water. There's no reason to think these rules actually make us safer, but they do allow the TSA to pretend they're "doing something" about terrorism. A TSA spokeswoman insists that this wasn't a fair test because they only got by one of their "19 layers of security." I wouldn't be surprised if the other 18 layers were as ineffectual than the others, but one thing that can be said for them is that they're a lot less annoying for travelers. How about if the TSA stops wasting resources forcing 5-year-old girls to take their shoes off, and shift those resources to the sort of in-depth police work that led to the foiling of last year's liquid explosives plot.